<?php
define('IN_ADMINCP', true);
require_once './system/common.inc.php';
if(!is_admin($uid)) exit('Access Denied');
$formhash = substr(md5(substr(TIMESTAMP, 0, -7).$username.$uid.SYS_KEY.ROOT.'ADMINCP_ONLY'), 5, 14);

switch($_GET['action']){
	case 'load_setting':
		$data = array();
		$query = DB::query('SELECT * FROM setting');
		while($result = DB::fetch($query)){
			if($result['v']) $data[$result['k']] = $result['v'];
		}
		exit(json_encode($data));
		break;
	case 'load_user':
		$data = array();
		$query = DB::query("SELECT uid, username, email FROM member ORDER BY uid");
		while($result = DB::fetch($query)){
			$data[] = $result;
		}
		exit(json_encode($data));
		break;
	case 'load_new':
		$data = array();
		$query = DB::query("SELECT * FROM songs WHERE status='2' ORDER BY id ASC");
		while($result = DB::fetch($query)){
			$data[] = $result;
		}
		exit(json_encode($data));
		break;
	case 'load_list':
		$data = array();
		$query = DB::query('SELECT * FROM songs ORDER BY `id` DESC');
		while($result = DB::fetch($query)){
			$data[] = $result;
		}
		exit(json_encode($data));
		break;
	case 'update_setting':
		if($formhash != $_POST['formhash']) showmessage('来源不可信，请重试', 'admin.php#config');
		saveSetting('notice', daddslashes($_POST['notice']));
		saveSetting('block_register', ($_POST['block_register'] ? 1 : 0));
		saveSetting('invite_code', daddslashes($_POST['invite_code']));
		saveSetting('block_upload', ($_POST['block_upload'] ? 1 : 0));
		saveSetting('block_download', ($_POST['block_download'] ? 1 : 0));
		saveSetting('quality_1', daddslashes($_POST['quality_1']));
		saveSetting('quality_2', daddslashes($_POST['quality_2']));
		saveSetting('quality_3', daddslashes($_POST['quality_3']));
		saveSetting('block_vdisk', ($_POST['block_vdisk'] ? 1 : 0));
		saveSetting('block_baidupcs', ($_POST['block_baidupcs'] ? 1 : 0));
		saveSetting('block_vdisk_reason', daddslashes($_POST['block_vdisk_reason']));
		saveSetting('block_baidupcs_reason', daddslashes($_POST['block_baidupcs_reason']));
		showmessage('设置已经保存', 'admin.php#config', 2);
		break;
	case 'deluser':
		$_uid = intval($_GET['uid']);
		if($uid == $_uid) showmessage('删你自己的号是要作死啊？！', 'admin.php#user');
		if($formhash != $_GET['formhash']) showmessage('来源不可信，请重试', 'admin.php#user');
		DB::query("DELETE FROM member WHERE uid='{$_uid}'");
		showmessage('删除用户成功', 'admin.php#user', 1);
		break;
	case 'pass':
		$id = $_GET['id'];
		if(!$id) showmessage('参数不完整','admin.php#new');
		if($formhash != $_GET['formhash']) showmessage('来源不可信，请重试', 'admin.php#new');
		DB::update('songs',array('status'=>'3'),array('id'=>$id));
		showmessage('歌曲审核通过', 'admin.php#new', 1);
		break;
	case 'delsong':
		$id = $_GET['id'];
		if(!$id) showmessage('参数不完整','admin.php#new');
		if($formhash != $_GET['formhash']) showmessage('来源不可信，请重试', 'admin.php#new');
		DB::query("DELETE FROM songs WHERE id='{$id}'");
		showmessage('歌曲删除成功', 'admin.php#list', 1);
		break;
	default:
		include template('admin');
		break;
}